BGP Prevent Transit AS

Hello Giovanni

You are correct that if a provider does not allow its own network to become a transit network, then this can potentially cause problems for routing on the Internet.

Remember that the Internet has a hierarchical structure. Within its structure, we have Tier 1, Tier 2, and Tier 3 networks. The following diagram shows an example of how these interconnect:

[image: diagram of how Tier 1, Tier 2, and Tier 3 networks interconnect]

Tier 1 networks must route all traffic that they receive, to any other connected network.
Tier 2 networks must route all traffic that they receive, to any other connected network, except from one Tier 1 network to another Tier 1 network.
Tier 3 networks must route all traffic that they receive to any other connected network, except from one Tier 2 or 1 network to another Tier 2 or 1 network.

So, if you have a Tier 3 network (your ISP for example), and it is connected to two or more Tier 2 networks, then your ISP should not be responsible for routing traffic from one Tier 2 network to another Tier 2 network. This will overload the ISP’s network with traffic it was never designed to carry.

Now that is the architecture of the Internet. For this specific lesson, the concept focuses on the edge of an enterprise network. If you connect to two ISPs, and you are exchanging BGP routes, you may end up advertising BGP routes from one ISP into the other, thus becoming a transit AS. This will result in the enterprise network carrying public Internet traffic, a load that it was not designed for, and for which it is not responsible. This is where the feature described in this lesson comes in handy.

I hope this has been helpful! Stay healthy and safe!

Laz

2 Likes
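
The dual-ISP case described in the reply above, as an added example that is not part of the original post or the lesson: a small Python model of what an enterprise edge router advertises to each ISP with and without an outbound filter that permits only locally originated routes (empty AS path). The AS numbers, prefixes, neighbor names and function names are constructed for illustration.

```python
from dataclasses import dataclass

ENTERPRISE_AS = 64500  # constructed: documentation-range AS number

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple     # AS path as received; empty tuple = originated locally
    learned_from: str  # "local", "ISP1" or "ISP2"

# Constructed BGP table on the enterprise edge router
BGP_TABLE = [
    Route("203.0.113.0/24", (), "local"),
    Route("198.51.100.0/24", (64496, 64510), "ISP1"),
    Route("192.0.2.0/24", (64497,), "ISP2"),
]

def advertise(table, neighbor, local_only):
    """Return the (prefix, as_path) pairs sent to `neighbor`.

    local_only=False models an edge router with no outbound policy:
    routes learned from one ISP are passed on to the other.
    local_only=True models an outbound filter that permits only routes
    with an empty AS path, i.e. routes originated inside the enterprise.
    """
    sent = []
    for r in table:
        if r.learned_from == neighbor:
            continue  # simplification: not sent back to where it was learned
        if local_only and r.as_path:
            continue  # learned from another AS: dropped by the filter
        # Our own AS is prepended when the route leaves over eBGP
        sent.append((r.prefix, (ENTERPRISE_AS,) + r.as_path))
    return sent

def transit_leaks(advertised):
    """Prefixes whose advertised path continues past our own AS.

    Any such route invites the neighbor to send traffic through us.
    """
    return [prefix for prefix, path in advertised if len(path) > 1]

if __name__ == "__main__":
    for neighbor in ("ISP1", "ISP2"):
        for local_only in (False, True):
            sent = advertise(BGP_TABLE, neighbor, local_only)
            label = "filtered" if local_only else "no policy"
            print(neighbor, label, sent, "leaks:", transit_leaks(sent))
```

The same `transit_leaks` check can be run against the routes an edge router is actually advertising to each ISP to confirm that only the enterprise's own prefixes leave the network.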